CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities Published In 2017 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-16546 119 DoS Overflow 2017-11-05 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
2 CVE-2017-15281 119 DoS Overflow 2017-10-12 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
3 CVE-2017-14682 119 DoS Overflow 2017-09-21 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
4 CVE-2017-14224 119 DoS Exec Code Overflow 2017-09-08 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
5 CVE-2017-14173 190 Overflow 2017-09-07 2019-10-02
4.3
None Remote Medium Not required None None Partial
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
6 CVE-2017-13758 119 Overflow 2017-08-29 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
7 CVE-2017-13140 119 DoS Overflow 2017-08-23 2017-11-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
8 CVE-2017-12983 119 DoS Overflow 2017-08-21 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
9 CVE-2017-12876 119 DoS Overflow 2017-08-28 2017-11-12
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
10 CVE-2017-11640 119 Overflow 2017-07-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
11 CVE-2017-7275 119 DoS Overflow 2017-03-27 2017-03-29
4.3
None Remote Medium Not required None None Partial
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
12 CVE-2017-6502 119 Overflow 2017-03-05 2017-03-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).
13 CVE-2017-5511 119 Overflow 2017-03-24 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
14 CVE-2017-5508 119 DoS Overflow 2017-03-24 2017-11-03
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
15 CVE-2016-10070 125 DoS Overflow 2017-03-03 2018-10-30
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
16 CVE-2016-10067 119 DoS Overflow 2017-03-02 2017-03-07
5.0
None Remote Low Not required None None Partial
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
17 CVE-2016-10066 119 DoS Overflow 2017-03-03 2017-03-04
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
18 CVE-2016-10064 119 DoS Overflow 2017-03-02 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
19 CVE-2016-10063 119 DoS Overflow 2017-03-02 2017-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
20 CVE-2016-10059 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
21 CVE-2016-10057 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
22 CVE-2016-10056 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
23 CVE-2016-10055 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
24 CVE-2016-10054 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
25 CVE-2016-10052 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
26 CVE-2016-10050 119 DoS Overflow 2017-03-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
27 CVE-2016-10049 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
28 CVE-2016-10046 119 DoS Overflow 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
29 CVE-2016-9773 125 DoS Overflow 2017-02-16 2017-02-23
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
30 CVE-2016-9556 119 DoS Overflow 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None None Partial
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
31 CVE-2016-9298 119 DoS Overflow 2017-01-27 2017-06-30
4.3
None Remote Medium Not required None None Partial
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
32 CVE-2016-8866 119 Overflow 2017-02-15 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
33 CVE-2016-8862 119 Overflow 2017-02-15 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
34 CVE-2016-8677 119 Overflow 2017-02-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
35 CVE-2016-7525 125 DoS Overflow 2017-04-20 2017-05-09
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
36 CVE-2016-7521 125 DoS Overflow 2017-04-20 2017-05-09
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
37 CVE-2016-7520 125 DoS Overflow 2017-04-20 2017-05-09
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
38 CVE-2016-6823 190 DoS Overflow 2017-01-18 2017-01-23
5.0
None Remote Low Not required None None Partial
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
39 CVE-2015-8957 119 DoS Overflow 2017-04-20 2017-05-09
4.3
None Remote Medium Not required None None Partial
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
40 CVE-2015-8895 190 DoS Overflow 2017-03-15 2018-05-17
5.0
None Remote Low Not required None None Partial
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
41 CVE-2014-9847 119 Overflow 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
42 CVE-2014-9846 119 Overflow 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
43 CVE-2014-9845 119 DoS Overflow 2017-03-20 2018-10-30
4.3
None Remote Medium Not required None None Partial
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
44 CVE-2014-9843 119 Overflow 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
45 CVE-2014-9840 119 DoS Overflow 2017-03-22 2017-03-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
46 CVE-2014-9839 119 DoS Overflow 2017-03-22 2017-03-24
5.0
None Remote Low Not required None None Partial
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
47 CVE-2014-9836 119 DoS Overflow 2017-03-22 2017-03-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
48 CVE-2014-9835 119 Overflow 2017-03-22 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
49 CVE-2014-9834 119 Overflow 2017-03-22 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
50 CVE-2014-9833 119 Overflow 2017-03-22 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
Total number of vulnerabilities : 59   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.